ai-zero-token 2.0.1 → 2.0.3

package/dist/server/app.js

@@ -8,7 +8,6 @@ import cors from "@fastify/cors";
 import { z } from "zod";
 import { createGatewayContext } from "../core/context.js";
 import { requestText } from "../core/providers/http-client.js";
-import { renderAdminPage } from "./admin-page.js";
 const packageRoot = path.dirname(fileURLToPath(new URL("../../package.json", import.meta.url)));
 const adminUiDistDir = path.join(packageRoot, "admin-ui", "dist");
 const adminUiIndexPath = path.join(adminUiDistDir, "index.html");
@@ -26,14 +25,6 @@ const assetContentTypes = {
   ".svg": "image/svg+xml",
   ".webp": "image/webp"
 };
-async function pathExists(targetPath) {
-  try {
-    await fs.access(targetPath);
-    return true;
-  } catch {
-    return false;
-  }
-}
 function getContentType(filePath) {
   return assetContentTypes[path.extname(filePath).toLowerCase()] ?? "application/octet-stream";
 }
@@ -123,6 +114,12 @@ const settingsUpdateSchema = z.object({
   }).optional(),
   autoSwitch: z.object({
     enabled: z.boolean()
+  }).optional(),
+  runtime: z.object({
+    quotaSyncConcurrency: z.number().int().min(1).max(32).optional()
+  }).optional(),
+  server: z.object({
+    port: z.number().int().min(1).max(65535)
   }).optional()
 });
 const proxyTestSchema = z.object({
@@ -135,9 +132,15 @@ const proxyTestSchema = z.object({
 const profileActionSchema = z.object({
   profileId: z.string().min(1)
 });
+const profileRemoveBatchSchema = z.object({
+  profileIds: z.array(z.string().min(1)).min(1)
+});
 const profileImportSchema = z.object({
   profile: z.unknown()
 });
+const runtimeRefreshSchema = z.object({
+  staleOnly: z.boolean().optional()
+});
 const profileExportSchema = z.object({
   profileId: z.string().min(1).optional(),
   profileIds: z.array(z.string().min(1)).optional(),
@@ -146,6 +149,19 @@ const profileExportSchema = z.object({
 const codexApplySchema = z.object({
   profileId: z.string().min(1)
 });
+const githubImageBedConfigSchema = z.object({
+  token: z.string().min(1)
+});
+const githubImageBedUploadSchema = z.object({
+  filename: z.string().min(1),
+  dataUrl: z.string().min(1)
+});
+const githubImageBedHistoryQuerySchema = z.object({
+  limit: z.coerce.number().int().min(1).max(100).optional()
+});
+const githubImageBedHistoryParamsSchema = z.object({
+  id: z.string().min(1)
+});
 const imageGenerationsBodySchema = z.object({
   prompt: z.string().min(1),
   model: z.string().optional(),
@@ -431,6 +447,7 @@ function serializeProfile(profile) {
     email: profile.email,
     quota: profile.quota,
     authStatus: profile.authStatus,
+    exportAudit: profile.exportAudit,
     expiresAt: profile.expires,
     accessTokenPreview: maskSecret(profile.access),
     refreshTokenPreview: maskSecret(profile.refresh)
@@ -444,6 +461,7 @@ function serializeManagedProfile(profile) {
     email: profile.email,
     quota: profile.quota,
     authStatus: profile.authStatus,
+    exportAudit: profile.exportAudit,
     expiresAt: profile.expiresAt,
     accessTokenPreview: profile.accessTokenPreview,
     refreshTokenPreview: profile.refreshTokenPreview,
@@ -486,7 +504,7 @@ function createApp(params) {
   const ctx = createGatewayContext();
   void app.register(cors, {
     origin: params?.corsOrigin ?? true,
-    methods: ["GET", "POST", "PUT", "OPTIONS"]
+    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
   });
   app.setErrorHandler((error, request, reply) => {
     const normalized = normalizeError(error);
@@ -529,6 +547,7 @@ function createApp(params) {
       codex: codexStatus,
       adminUrl: `${origin}/`,
       baseUrl: `${origin}/v1`,
+      restartSupported: Boolean(params?.onRestart),
       supportedEndpoints: [
         {
           method: "GET",
@@ -559,12 +578,18 @@ function createApp(params) {
     };
   }
   app.get("/", async (_request, reply) => {
-    if (await pathExists(adminUiIndexPath)) {
+    try {
       reply.header("Content-Type", "text/html; charset=utf-8");
       return fs.readFile(adminUiIndexPath, "utf8");
+    } catch {
+      reply.code(503);
+      return {
+        error: {
+          type: "admin_ui_missing",
+          message: "React \u7BA1\u7406\u9875\u672A\u6784\u5EFA\uFF0C\u8BF7\u5148\u8FD0\u884C npm run build:ui\u3002"
+        }
+      };
     }
-    reply.header("Content-Type", "text/html; charset=utf-8");
-    return renderAdminPage();
   });
   app.get("/assets/*", async (request, reply) => {
     const assetPath = request.params["*"];
@@ -598,10 +623,21 @@ function createApp(params) {
       catalog: result.catalog
     };
   });
-  app.post("/_gateway/admin/runtime-refresh", async (request) => {
+  app.post("/_gateway/admin/runtime-refresh", async (request, reply) => {
+    const parsed = runtimeRefreshSchema.safeParse(request.body ?? {});
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
     const [quotaSync] = await Promise.all([
       ctx.authService.syncAllProfileQuotas("openai-codex", {
-        suppressErrors: true
+        suppressErrors: true,
+        staleAfterMs: parsed.data.staleOnly ? 30 * 60 * 1e3 : void 0
       }),
       ctx.versionService.getVersionStatus({
         force: true
@@ -674,6 +710,23 @@ function createApp(params) {
     await ctx.authService.removeProfile(parsed.data.profileId);
     return buildAdminConfig(request);
   });
+  app.post("/_gateway/admin/profiles/remove-batch", async (request, reply) => {
+    const parsed = profileRemoveBatchSchema.safeParse(request.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    const removedProfileCount = await ctx.authService.removeProfiles(parsed.data.profileIds);
+    return {
+      ...await buildAdminConfig(request),
+      removedProfileCount
+    };
+  });
   app.post("/_gateway/admin/profiles/import", async (request, reply) => {
     const parsed = profileImportSchema.safeParse(request.body);
     if (!parsed.success) {
@@ -694,6 +747,23 @@ function createApp(params) {
       importedProfileCount: importedProfiles.length
     };
   });
+  app.post("/_gateway/admin/profiles/import/validate", async (request, reply) => {
+    const parsed = profileImportSchema.safeParse(request.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    const profiles = ctx.authService.validateProfilesImport(parsed.data.profile);
+    return {
+      valid: true,
+      profileCount: profiles.length
+    };
+  });
   app.get("/_gateway/admin/profiles/import-template", async () => ({
     profile: ctx.authService.getProfileImportTemplate()
   }));
@@ -710,11 +780,13 @@ function createApp(params) {
     }
     if (parsed.data.all || parsed.data.profileIds) {
       return {
-        profile: await ctx.authService.exportProfiles(parsed.data.profileIds)
+        profile: await ctx.authService.exportProfiles(parsed.data.profileIds, "openai-codex", parsed.data.all ? "all" : "batch"),
+        config: await buildAdminConfig(request)
       };
     }
     return {
-      profile: await ctx.authService.exportProfile(parsed.data.profileId)
+      profile: await ctx.authService.exportProfile(parsed.data.profileId),
+      config: await buildAdminConfig(request)
     };
   });
   app.post("/_gateway/admin/codex/apply", async (request, reply) => {
@@ -744,17 +816,29 @@ function createApp(params) {
         }
       };
     }
-    if (parsed.data.defaultModel) {
-      await ctx.configService.setDefaultModel(parsed.data.defaultModel);
-    }
-    if (parsed.data.networkProxy) {
-      await ctx.configService.setNetworkProxy(parsed.data.networkProxy);
-    }
-    if (parsed.data.autoSwitch) {
-      await ctx.configService.setAutoSwitch(parsed.data.autoSwitch);
-    }
+    await ctx.configService.updateSettings(parsed.data);
     return buildAdminConfig(request);
   });
+  app.post("/_gateway/admin/restart", async (_request, reply) => {
+    if (!params?.onRestart) {
+      reply.code(501);
+      return {
+        error: {
+          type: "not_supported",
+          message: "\u5F53\u524D\u73AF\u5883\u4E0D\u652F\u6301\u91CD\u542F\u3002"
+        }
+      };
+    }
+    setTimeout(() => {
+      void Promise.resolve(params.onRestart?.()).catch((error) => {
+        console.error("[gateway:restart]", error);
+      });
+    }, 100);
+    return {
+      ok: true,
+      restarting: true
+    };
+  });
   app.post("/_gateway/admin/settings/proxy-test", async (request, reply) => {
     const parsed = proxyTestSchema.safeParse(request.body);
     if (!parsed.success) {
@@ -809,6 +893,64 @@ function createApp(params) {
     const settings = await ctx.configService.getSettings();
     return ctx.networkDetectService.collectReport(settings.networkProxy);
   });
+  app.get("/_gateway/image-bed/config", async () => ctx.githubImageBedService.getConfig());
+  app.post("/_gateway/image-bed/validate", async () => ctx.githubImageBedService.testConnection());
+  app.get("/_gateway/image-bed/history", async (request, reply) => {
+    const parsed = githubImageBedHistoryQuerySchema.safeParse(request.query ?? {});
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u53C2\u6570\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    return ctx.githubImageBedService.listHistory(parsed.data.limit ?? 50);
+  });
+  app.put("/_gateway/image-bed/config", async (request, reply) => {
+    const parsed = githubImageBedConfigSchema.safeParse(request.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    return ctx.githubImageBedService.saveToken(parsed.data.token);
+  });
+  app.delete("/_gateway/image-bed/config", async () => ctx.githubImageBedService.clearToken());
+  app.post("/_gateway/image-bed/upload", async (request, reply) => {
+    const parsed = githubImageBedUploadSchema.safeParse(request.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    const uploaded = await ctx.githubImageBedService.uploadImage(parsed.data);
+    await ctx.githubImageBedService.rememberUpload(uploaded);
+    return uploaded;
+  });
+  app.delete("/_gateway/image-bed/history/:id", async (request, reply) => {
+    const parsed = githubImageBedHistoryParamsSchema.safeParse(request.params);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u53C2\u6570\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    return ctx.githubImageBedService.deleteHistoryItem(parsed.data.id);
+  });
+  app.delete("/_gateway/image-bed/history", async () => ctx.githubImageBedService.clearHistory());
   app.get("/v1/models", async () => ({
     object: "list",
     data: (await ctx.modelService.listModels()).map((model) => ({

package/dist/server/index.js

@@ -21,27 +21,53 @@ function resolveBodyLimitBytes() {
   }
   return Math.floor(value * 1024 * 1024);
 }
+function isPortInUseError(error) {
+  const normalized = error;
+  if (normalized.code === "EADDRINUSE") {
+    return true;
+  }
+  return typeof normalized.message === "string" && normalized.message.includes("EADDRINUSE");
+}
 async function startServer(params) {
   const bodyLimit = resolveBodyLimitBytes();
-  const app = createApp({
-    corsOrigin: resolveCorsOrigin(),
-    bodyLimit
-  });
   const configService = new ConfigService();
   const defaults = await configService.getServerConfig();
   const host = params?.host ?? defaults.host;
   const port = params?.port ?? defaults.port;
-  await app.listen({
-    host,
-    port
-  });
-  return {
-    app,
-    host,
-    port,
-    corsOrigin: process.env.AZT_CORS_ORIGIN?.trim() || "*",
-    bodyLimit
-  };
+  const maxPortAttempts = 20;
+  let lastError;
+  for (let offset = 0; offset <= maxPortAttempts; offset += 1) {
+    const listenPort = port + offset;
+    const app = createApp({
+      corsOrigin: resolveCorsOrigin(),
+      bodyLimit,
+      onRestart: params?.onRestart
+    });
+    try {
+      await app.listen({
+        host,
+        port: listenPort
+      });
+      if (offset > 0) {
+        console.warn(`[server] port ${port} was busy, using ${listenPort} instead.`);
+        await configService.setServerConfig({ port: listenPort });
+      }
+      return {
+        app,
+        host,
+        port: listenPort,
+        corsOrigin: process.env.AZT_CORS_ORIGIN?.trim() || "*",
+        bodyLimit
+      };
+    } catch (error) {
+      await app.close().catch(() => void 0);
+      if (!isPortInUseError(error) || offset === maxPortAttempts) {
+        throw error;
+      }
+      lastError = error;
+    }
+  }
+  throw lastError ?? new Error("\u65E0\u6CD5\u542F\u52A8\u672C\u5730\u670D\u52A1\u3002");
 }
 export {
   startServer

package/docs/DESKTOP_RELEASE.md

@@ -41,6 +41,13 @@ npm run dist:win
 
 Creates macOS and Windows distributables. macOS builds should be produced on macOS. Windows builds are best produced on Windows CI or a runner with a complete Windows packaging environment.
 
+`npm run dist:mac` must build both Apple Silicon and Intel macOS packages. It runs:
+
+```bash
+npm run dist:mac:arm64
+npm run dist:mac:x64
+```
+
 ## UI Engineering Standards
 
 Before building release artifacts, the desktop React UI should follow:
@@ -65,6 +72,8 @@ Unsigned builds are suitable for internal testing only. Public commercial distri
 
 `electron-builder` reads the standard signing environment variables. Configure these in CI instead of committing credentials to the repository.
 
+Until macOS Developer ID signing and notarization are configured, each macOS DMG must include `build/mac-install-guide.txt` so users can handle the Gatekeeper verification prompt.
+
 ## Release Artifacts
 
 The packaged output is written to:
@@ -75,17 +84,40 @@ release/
 
 The folder is intentionally ignored by git.
 
+Every desktop GitHub Release must upload exactly these user-facing artifacts:
+
+```text
+AI Zero Token-{version}-mac-arm64.dmg
+AI Zero Token-{version}-mac-x64.dmg
+AI Zero Token Setup {version}.exe
+AI Zero Token-{version}-win.zip
+```
+
+Artifact purpose:
+
+- `AI Zero Token-{version}-mac-arm64.dmg`: macOS Apple Silicon builds for M1/M2/M3/M4 devices.
+- `AI Zero Token-{version}-mac-x64.dmg`: macOS Intel builds.
+- `AI Zero Token Setup {version}.exe`: Windows installer and primary Windows download.
+- `AI Zero Token-{version}-win.zip`: Windows portable zip.
+
+Do not upload unpacked app directories, debug metadata, universal macOS builds, or auto-update metadata unless the release explicitly enables an auto-update channel.
+
+macOS DMG files should include the in-package `mac-install-guide.txt` helper document. Do not upload this text file as a standalone GitHub Release asset.
+
 ### Publish Flow
 
 1. Build the desktop package:
 
    ```bash
-   npm run dist:dir
+   npm run dist:mac
+   npm run dist:win
    ```
 
-2. Upload the generated files from `release/` to the matching GitHub Release tag.
+2. Rename the generated files, if needed, so the GitHub Release uses the standard artifact names listed above.
+
+3. Upload only the standard artifact files from `release/` to the matching GitHub Release tag.
 
-3. Publish the npm package after confirming `package.json` and `package-lock.json` both point at the new version:
+4. Publish the npm package after confirming `package.json` and `package-lock.json` both point at the new version:
 
    ```bash
    npm publish

package/docs/PRODUCT_UPDATE_DESKTOP_TOOLBOX.md

@@ -38,7 +38,7 @@
 
 ### 2.2 第二阶段：桌面端 React 管理台
 
-当前管理页是服务端字符串 HTML，适合验证功能，但不适合长期维护桌面端和工具箱。
+管理页已迁移为 React/Vite 应用，网关生产环境只托管 `admin-ui/dist` 静态构建产物。
 
 第二阶段将管理界面迁移为 React/Vite 应用，但迁移范围只限 UI 层。
 
@@ -49,7 +49,7 @@
 - 封装 `/_gateway/*` 管理接口客户端
 - 网关生产环境托管前端静态构建产物
 - 桌面端加载同一套管理台 UI
-- 移除或降级当前 `admin-page.ts` 的职责
+- 删除服务端内嵌管理页，保留一套 React 管理台
 
 这一阶段结束后，项目形态应变为：
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-zero-token",
-  "version": "2.0.1",
+  "version": "2.0.3",
   "description": "Local-first OpenAI-compatible AI CLI and gateway with Codex OAuth, multi-account management, and gpt-image-2 image generation/editing.",
   "license": "MIT",
   "author": "AI Zero Token Contributors",
@@ -50,7 +50,9 @@
     "desktop:dev": "node scripts/dev.mjs desktop",
     "dist": "npm run build && electron-builder",
     "dist:dir": "npm run build && electron-builder --dir",
-    "dist:mac": "npm run build && electron-builder --mac",
+    "dist:mac": "npm run dist:mac:arm64 && npm run dist:mac:x64",
+    "dist:mac:arm64": "npm run build && electron-builder --mac --arm64",
+    "dist:mac:x64": "npm run build && electron-builder --mac --x64",
     "dist:win": "npm run build && electron-builder --win",
     "typecheck": "npm run typecheck:server && npm run typecheck:ui",
     "typecheck:server": "bunx tsc -p tsconfig.json --noEmit",
@@ -61,6 +63,7 @@
   "dependencies": {
     "@fastify/cors": "^11.1.0",
     "fastify": "^5.8.2",
+    "fflate": "^0.8.2",
     "zod": "^4.3.6"
   },
   "devDependencies": {
@@ -92,6 +95,12 @@
       "README.zh-CN.md",
       "LICENSE"
     ],
+    "extraResources": [
+      {
+        "from": "build/mac-install-guide.txt",
+        "to": "mac-install-guide.txt"
+      }
+    ],
     "extraMetadata": {
       "main": "dist/desktop/main.js"
     },
@@ -104,6 +113,27 @@
         "zip"
       ]
     },
+    "dmg": {
+      "contents": [
+        {
+          "x": 130,
+          "y": 160,
+          "type": "file"
+        },
+        {
+          "x": 410,
+          "y": 160,
+          "type": "link",
+          "path": "/Applications"
+        },
+        {
+          "x": 270,
+          "y": 300,
+          "type": "file",
+          "path": "build/mac-install-guide.txt"
+        }
+      ]
+    },
     "win": {
       "icon": "build/icon.ico",
       "target": [
@@ -119,9 +149,11 @@
   "files": [
     "dist",
     "admin-ui/dist",
+    "build/icon.svg",
     "build/icon.png",
     "build/icon.icns",
     "build/icon.ico",
+    "build/mac-install-guide.txt",
     "CHANGELOG.md",
     "docs/API_USAGE.md",
     "docs/DESKTOP_RELEASE.md",

package/admin-ui/dist/assets/app-mark-Gd2QnHMO.svg

@@ -1,9 +0,0 @@
-<svg width="128" height="128" viewBox="0 0 128 128" fill="none" xmlns="http://www.w3.org/2000/svg">
-  <rect x="10" y="10" width="108" height="108" rx="26" fill="#111827"/>
-  <rect x="18" y="18" width="92" height="92" rx="20" fill="#FFFFFF" fill-opacity=".08"/>
-  <path d="M39 36h50c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12H39c-6.627 0-12-5.373-12-12V48c0-6.627 5.373-12 12-12Z" fill="#F8FAFC"/>
-  <path d="M42 54h20M42 66h34M42 78h25" stroke="#111827" stroke-width="7" stroke-linecap="round"/>
-  <path d="M83 53l8 11-8 11-8-11 8-11Z" fill="#2563EB"/>
-  <path d="M71 36c3.2-9.2 11-14 23-14 0 12-4.9 19.9-14.7 23.7" stroke="#22C55E" stroke-width="7" stroke-linecap="round" stroke-linejoin="round"/>
-  <path d="M48 92c-3.2 9.2-11 14-23 14 0-12 4.9-19.9 14.7-23.7" stroke="#F59E0B" stroke-width="7" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>